Your next step into digital

Our cloud and security services

Cloud Security Strategy Assessment

Product brochure

PRODUCT BROCHURE Cloud Security Strategy Assessment 2

ContentsWhat is a Cloud Security Strategy Assessment?

What’s in it for you?

What’s included in the Cloud Security Strategy Assessment?

Why Vodafone?

PRODUCT BROCHURE 3 Cloud Security Strategy Assessment

Organisations can now consider public, private or hybrid cloud as part of their ongoing IT estate. Vodafone has teams of specialists available to help companies develop world-class security strategies to safeguard data and protect assets in the cloud. Vodafone Security offerings are designed to test and help secure potential security gaps. We guide you through each critical step of building a security-rich cloud posture.

From collecting and reviewing data to creating a strategic security roadmap, the service helps develop security protocols designed for the cloud. This service has been designed to provide a comprehensive approach to helping identify vulnerabilities before a security incident occurs. Security specialists provide the tools needed to create a risk-aware program to help companies in each phase of their security journey.

What is a Cloud Security Strategy Assessment?

Cloud Security Strategy Assessment – Method summary

Delivery phases PHASE 1:

Project initiation

PHASE 2:

Assess

PHASE 3:

Analyse

PHASE 4:

Recommend

Key activities Initiate project, collect and review data

Identify current IT security posture

Define target state Develop project definition and prioritisation

Prepare team and assets

Catalogue enterprise cloud usage

Perform gap analysis Create roadmap

Prepare current state assessment

Prepare executive report

Develop business case

Current state assessment

• Data collection check point

• Project work plan

Current state assessment

• IT cloud security current state

• Security protocols/ workload sensitivity mapping

• Current state assessment

Strategy report

• Target state rating

• Gap analysis

• Cloud security maturity assessment tool

• Cloud security maturity framework

• Strategic assessment

• Executive summary

High level plan

• Project definition and prioritisation

• Roadmap

• High level plan

PRODUCT BROCHURE Cloud Security Strategy Assessment4

What do you use it for?

This proven and comprehensive service helps clients:

• Comply with key regulatory requirements

• Protect confidentially, integrity and availability of your resources and data workloads

• Establish appropriate risk management strategies, no matter the cloud security service model

• Extend controls beyond on-premises environments with governance and assurance

What is the service?

The Cloud Security Strategy Assessment service offers actionable results in four key phases: initiate, analyse, assess and recommend.

• In the first phase of project initiation, security specialists develop a common understanding of the project objectives and roles and responsibilities, and review the cloud security standard to assess and benchmark against

• During the analysis phase, gaps are identified and documented by benchmarking and mapping against pre-defined regulations or standards

• After the analysis, the assessment phase begins, where remediation tasks are prioritised based on expected security maturity

• In the last phase of recommendation, security specialists outline a strategic roadmap for improving the effectiveness of the organisation’s cloud security posture

Within each phase, Vodafone prioritises cloud security scenarios for business-specific security requirements and help improve security controls and mechanisms to support better management of regulatory and industry requirements.

PRODUCT BROCHURE Cloud Security Strategy Assessment5

What’s in it for you?

Security is front of mind in many cloud transformations and migrations, and the service delivers a robust approach to assess and remediate potential security measures. This service delivers cloud transformation with security in mind. Vodafone help guide your cloud approach by implementing security measures from the start to help ensure success and protect your business strategies.

In addition, the service helps companies maintain compliance requirements. Vodafone’s team of security specialists help you expand your compliance efforts to include cloud initiatives and incorporate industry best practices.

Vodafone’s experience, tools and resources help you extend security beyond on-premise environments to achieve greater visibility and mitigate risks in the cloud. It also allows you to assess against any security regulation and standard. Vodafone ensure efficient security in the cloud and provide strategic guidance going forwards. We help you:

• Deal with hundreds of demands to maintain compliance with regulatory laws and policy in the cloud

• Comply with industry security standards, internal security policies and best practices to remain secure in the cloud

PRODUCT BROCHURE Cloud Security Strategy Assessment6

• Security specialists assess an organisation’s cloud-based risks, identify gaps and create a baseline maturity model

• Cloud scenarios and analyses help you identify specific security requirements and conduct a cost-benefit analysis for solutions

• A security roadmap help prioritise actions to secure existing cloud usage and consolidate new service offerings

• Our strategy framework covers the eight core domains that must be addressed by your cloud security strategy:

• Governance

• Metrics and monitoring

• Cloud security optimisation

• Data security

• Application security

• Network and system security

• Secure operations

• Identity and access management

• Business and technology alignment• Regulations• Risk management

• Strategic vision and investment• Accountability

• Value delivery to business• Managing third party providers

• Tracking of virtualised security incidents

• Integrate with business processes• Secure integration with legacy

systems

• Selection/performance of CSP• Managed security-related

risk in the cloud• Security continuity/availability

• Performance of cloud-specific staffing

• Virtualised environment security incidents

• Training on use of cloud (private v. non-private)

• Audit (cloud controls awareness)• Staffing (cloud provider)• Staffing (cloud consumer)

• Diagrams and documentation

• Hypervisor protection• CMDB• Malicious code protection• Performance and capacity

monitoring

• Perimeter protections• Firewall management• Intrusion detection/

prevention• Network traffic

management

• IAM platform architecture

• Access management

• Identity management

• Control monitoring

• IAM process documentation

• Access request• Role management

• Access reviews• Structure• Sourcing• Staffing• Education• Role definition

• Efficiency• Process capability• Quality• Cost• IAM operations• Security policy

• Strategy• Cost models• Program

governance• Executive• Sponsorship

• Capacity modelling and management

• Provisioning and de-provisioning

• Segregation of duties (SoD)

• Incident response• Secure provisioning of

IaaS, PaaS or SaaS• Secure architectural

agility, flexibility and availability

• Asset management and disposal

• Security audit

• Cloud provider selection• Logging and monitoring• Security patching• Penetration testing• Policies and standards• Security risk assessment

and management• Threat and vulnerability

management

• Source code control• Virtual Image Security• SDLC• Team security awareness• Third party testing

• Encryption• Data classification• Data models/flows• Data ownership• Data access

What’s included in the Cloud Security Strategy Assessment?

IBM’s assessment frameworkGovernance

Metrics

Cloud security optimisation

Network and system security

Identity and access management

Secure operations

Data security Application security

PRODUCT BROCHURE Cloud Security Strategy Assessment7

Vodafone Group is one of the world’s largest telecommunications companies and provides a range of services including voice, messaging, data and fixed communications. Vodafone Group has mobile operations in 25 countries, partners with mobile networks in 42 more and fixed broadband operations in 19 markets. As of 31 December 2018, Vodafone Group had approximately 700 million mobile customers and 21 million fixed broadband customers, including all of the customers in Vodafone’s joint ventures and associates.

By connecting people, places and things, Vodafone Business helps businesses of all sizes to succeed in a digital world. Our expertise in connectivity, together with our leading IoT platform, multi-cloud solutions, digital services and global scale, delivers the results customers need to help them progress and thrive. We are a trusted partner to businesses of all sectors and public services around the world, and work side by side with them to understand the unique challenges they face and the goals they want to achieve.

For more information, please visit: www.vodafone.com/business

Why Vodafone?

www.vodafone.com/businessVodafone Group 2019. This document is issued by Vodafone in confidence and is not to be reproduced in whole or in part without the express, prior written permission of Vodafone. Vodafone and the Vodafone logos are trademarks of the Vodafone Group. Other product and company names mentioned herein may be the trademark of their respective owners. The information contained in this publication is correct at the time of going to print. Any reliance on the information shall be at the recipient’s risk. No member of the Vodafone Group shall have any liability in respect of the use made of the information. The information may be subject to change. Services may be modified, supplemented or withdrawn by Vodafone without prior notice. All services are subject to terms and conditions, copies of which may be provided on request.

Next steps

If you want to discover more about the Cloud Security Strategy Assessment, please contact your Account Manager.